Free Malware Removal Forum

[Gronz]

OTL logfile created on: 7/8/2014 1:12:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pablo Desktop\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.03% Memory free
7.99 Gb Paging File | 5.17 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 83.22 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 196.27 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Drive E: | 371.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 201.08 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive G: | 14.61 Gb Total Space | 14.38 Gb Free Space | 98.40% Space Free | Partition Type: FAT32
Drive M: | 1863.01 Gb Total Space | 94.51 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 96.50 Gb Free Space | 5.18% Space Free | Partition Type: NTFS

Computer Name: PABLODESKTOP-PC | User Name: Pablo Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/08 00:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pablo Desktop\Desktop\OTL.exe
PRC - [2014/07/05 01:00:01 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/06/22 02:45:17 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/27 07:38:54 | 000,219,832 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\Dashlane.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/02/15 19:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/15 20:54:50 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAcat.exe
PRC - [2013/06/04 11:21:46 | 000,702,976 | ---- | M] () -- C:\Program Files (x86)\mysms\mysms.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/22 02:45:16 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/27 07:38:54 | 000,219,832 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\Dashlane.exe
MOD - [2014/05/27 07:38:04 | 002,041,528 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.1.63897.dll
MOD - [2014/05/27 07:38:04 | 000,423,608 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll
MOD - [2014/05/27 07:38:04 | 000,423,608 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll
MOD - [2014/05/27 07:38:04 | 000,263,352 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll
MOD - [2014/05/27 07:38:04 | 000,263,352 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll
MOD - [2014/05/27 07:38:02 | 012,154,040 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 028,239,544 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 028,239,544 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 004,805,304 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 004,805,304 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 000,363,704 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 000,363,704 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 000,255,160 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll
MOD - [2014/05/27 07:38:00 | 000,255,160 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll
MOD - [2014/05/27 07:37:58 | 004,319,416 | ---- | M] () -- C:\Users\PABLOD~1\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll
MOD - [2014/05/27 07:37:54 | 000,224,952 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlanef_300.2.4.1.63897.dll
MOD - [2013/06/04 11:21:46 | 000,702,976 | ---- | M] () -- C:\Program Files (x86)\mysms\mysms.exe
MOD - [2013/06/04 09:04:12 | 019,622,912 | ---- | M] () -- C:\Program Files (x86)\mysms\QtWebKit4.dll
MOD - [2013/05/27 04:48:22 | 001,445,888 | ---- | M] () -- C:\Program Files (x86)\mysms\libeay32.dll
MOD - [2013/05/27 04:48:22 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\mysms\ssleay32.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/04/15 06:59:16 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 20:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/02/08 11:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/03 23:10:02 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/22 02:45:16 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/15 06:59:20 | 002,140,984 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/04/15 06:59:16 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2014/03/23 11:53:52 | 000,050,504 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\34.0.1847.86\remoting_host.exe -- (chromoting)
SRV - [2014/02/15 19:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/15 20:55:08 | 004,457,688 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2013/10/15 20:54:50 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAcat.exe -- (OAcat)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/19 19:00:21 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013/06/19 09:48:18 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/06/19 09:20:48 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/07 23:52:34 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/26 02:51:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/11/10 12:32:48 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/04/29 21:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/29 21:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 19:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/25 10:12:04 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/29 18:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/22 09:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/03 01:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/01/03 01:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/01/03 01:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 01:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/01/03 01:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012/10/18 11:12:44 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/10/18 11:12:44 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/09/21 12:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/09/21 12:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 12:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 07:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/05/13 23:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/15 13:05:05 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/15 12:34:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/15 12:34:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/05/17 20:04:08 | 000,020,456 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/04/22 18:43:46 | 000,071,472 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2013/12/04 19:23:36 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2013/10/15 20:55:37 | 000,064,720 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2013/10/15 20:55:37 | 000,052,360 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2013/10/15 20:54:56 | 000,062,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2013/08/21 19:53:42 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2013/03/28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = N:\Pictures 32.7mb
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\..\SearchScopes,DefaultScope = {7C5B3D97-747C-409E-A847-6C7E5F71E276}
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\..\SearchScopes\{7C5B3D97-747C-409E-A847-6C7E5F71E276}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = N:\Pictures 32.7mb
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {7C5B3D97-747C-409E-A847-6C7E5F71E276}
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{7C5B3D97-747C-409E-A847-6C7E5F71E276}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B442718d9-475e-452a-b3e1-fb1ee16b8e9f%7D:2.4.1.63897
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pablo Desktop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pablo Desktop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pablo Desktop\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pablo Desktop\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Pablo Desktop\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014/06/01 13:31:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/05/14 23:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Extensions
[2014/07/01 23:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\1npb5xvv.default\extensions
[2014/07/02 22:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\q0uxwz1p.default-1395470349910\extensions
[2014/05/13 21:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\q0uxwz1p.default-1395470349910\extensions\trash
[2014/06/24 23:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\v55u60d8.default\extensions
[2014/03/21 22:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\v55u60d8.default\extensions\staged
[2014/07/02 22:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\wbc ddd\extensions
[2013/10/30 21:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\Firefox\Profiles\wbc ddd\extensions\staged
[2014/02/26 19:32:34 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\firefox\profiles\v55u60d8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/01 23:04:01 | 000,009,419 | ---- | M] () -- C:\Users\Pablo Desktop\AppData\Roaming\mozilla\firefox\profiles\1npb5xvv.default\searchplugins\yahoo-avast.xml
[2014/06/22 02:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/22 02:45:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/01 13:31:39 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\PABLO DESKTOP\APPDATA\ROAMING\DASHLANE\2.4.1.63897\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2014/03/23 00:11:40 | 000,001,109 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000..\Run: [mysms] C:\Program Files (x86)\mysms\mysms.exe ()
O4 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [mysms] C:\Program Files (x86)\mysms\mysms.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} https://col0-sec.mail.live.com/mail/Mai ... 1934404127 (Reg Error: Key error.)
O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://www.mydlink.com/8D/activeX//TunnelX.ocx (Reg Error: Key error.)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://www.mydlink.com/8D/activeX//DCS ... LiteDL.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B9719E2-C9AD-4651-AC33-70F356CF0B38}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\http - No CLSID value found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https - No CLSID value found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\http - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https - No CLSID value found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hitmanpro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hitmanpro.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/12/11 04:42:20 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/12/11 04:42:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/20 20:36:42 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008/12/30 00:55:54 | 000,000,058 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2013/12/11 04:42:23 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/12/11 04:42:23 | 000,000,000 | RHSD | M] - N:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5760d06b-d7f2-11e2-a3d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5760d06b-d7f2-11e2-a3d3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\AutoRun.exe -- [2009/10/22 01:17:44 | 000,046,376 | R--- | M] ()
O33 - MountPoints2\{fd9037b5-defa-11e3-b09f-001fd081bc87}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9037b5-defa-11e3-b09f-001fd081bc87}\Shell\AutoRun\command - "" = I:\LG_PC_Programs.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/08 00:43:01 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\Desktop\Kill MsiExec.exe
[2014/07/08 00:39:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pablo Desktop\Desktop\OTL.exe
[2014/07/07 23:01:19 | 006,762,112 | ---- | C] (ParetoLogic, Inc.) -- C:\Users\Pablo Desktop\Desktop\RegCureProSetup.exe
[2014/07/07 20:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2014/07/07 04:34:41 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/07 04:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/07 04:34:13 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/07 04:34:13 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/07 04:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/07 04:33:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/05 15:04:07 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Local\CrashDumps
[2014/07/04 02:00:19 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Local\Adobe
[2014/07/03 05:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/01 23:13:52 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Roaming\DropboxMaster
[2014/07/01 23:13:33 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/01 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Roaming\Dropbox
[2014/07/01 23:00:32 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Roaming\AVAST Software
[2014/07/01 22:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/07/01 22:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/25 01:32:55 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\AppData\Local\FreeOCR
[2014/06/24 23:18:21 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx
[2014/06/24 23:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/24 23:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\002
[2014/06/24 23:14:45 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\Downloads
[2014/06/24 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Pablo Desktop\Desktop\Win 7 Wallpaper
[2014/06/22 06:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2014/06/22 02:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/01 12:26:34 | 000,918,728 | ---- | C] (Dashlane inc.) -- C:\Users\Pablo Desktop\Dashlane_Launcher-1392831805.exe
[2013/12/15 01:05:15 | 002,520,814 | ---- | C] (Dominik Reichl ) -- C:\Users\Pablo Desktop\KeePass-2.24-Setup.exe
[2013/12/04 21:42:42 | 011,543,956 | ---- | C] (Up to Eleven Digital Solutions GmbH ) -- C:\Users\Pablo Desktop\mysms-setup (1).exe

========== Files - Modified Within 30 Days ==========

[2014/07/08 00:53:06 | 002,487,985 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\phpBB-3.0.12.zip
[2014/07/08 00:45:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/08 00:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pablo Desktop\Desktop\OTL.exe
[2014/07/08 00:36:04 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1461796922-2295090772-3146457609-1000UA.job
[2014/07/07 23:52:34 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/07 23:22:04 | 001,107,968 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\RSIT.exe
[2014/07/07 23:01:26 | 006,762,112 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Pablo Desktop\Desktop\RegCureProSetup.exe
[2014/07/07 22:49:41 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 22:49:41 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 22:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/07 22:42:02 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/07 19:00:03 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/07 19:00:03 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/07 19:00:03 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/07 04:34:15 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/07 03:54:52 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1461796922-2295090772-3146457609-1000Core.job
[2014/07/06 21:32:27 | 004,821,930 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\Phoenix Home I live In.jpg
[2014/07/05 01:07:29 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/05 01:07:29 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/05 00:54:22 | 000,019,687 | ---- | M] () -- C:\Users\Pablo Desktop\Cars_BMW_640x480_127.jpg
[2014/07/03 23:10:02 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/03 23:10:02 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/06/23 20:44:53 | 000,000,967 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\mysms.lnk
[2014/06/23 17:25:51 | 000,125,098 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\poor Hillary.JPG
[2014/06/22 18:13:11 | 000,002,076 | ---- | M] () -- C:\Users\Pablo Desktop\Desktop\LG Burning Tool.lnk
[2014/06/22 06:05:51 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk

========== Files Created - No Company Name ==========

[2014/07/08 00:52:51 | 002,487,985 | ---- | C] () -- C:\Users\Pablo Desktop\Desktop\phpBB-3.0.12.zip
[2014/07/07 23:22:02 | 001,107,968 | ---- | C] () -- C:\Users\Pablo Desktop\Desktop\RSIT.exe
[2014/07/07 04:33:33 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/06 21:30:48 | 004,821,930 | ---- | C] () -- C:\Users\Pablo Desktop\Desktop\Phoenix Home I live In.jpg
[2014/07/05 00:54:22 | 000,019,687 | ---- | C] () -- C:\Users\Pablo Desktop\Cars_BMW_640x480_127.jpg
[2014/06/23 17:25:51 | 000,125,098 | ---- | C] () -- C:\Users\Pablo Desktop\Desktop\poor Hillary.JPG
[2014/06/22 06:05:51 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk
[2014/06/22 06:03:33 | 000,002,076 | ---- | C] () -- C:\Users\Pablo Desktop\Desktop\LG Burning Tool.lnk
[2014/04/19 02:34:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/03/18 06:31:06 | 000,000,119 | ---- | C] () -- C:\Windows\efix.ini
[2013/12/29 13:31:23 | 000,025,666 | ---- | C] () -- C:\Users\Pablo Desktop\AppData\Roaming\UserTile.png
[2013/12/23 22:10:33 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/10 06:51:21 | 023,893,977 | ---- | C] () -- C:\Users\Pablo Desktop\regrunplat.zip
[2013/09/15 22:28:49 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013/07/22 19:08:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/20 01:32:55 | 000,000,017 | ---- | C] () -- C:\Users\Pablo Desktop\AppData\Local\resmon.resmoncfg
[2013/06/19 03:58:00 | 000,064,720 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/06/19 03:58:00 | 000,062,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/06/18 02:36:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/06/18 02:00:31 | 000,000,363 | ---- | C] () -- C:\Users\Pablo Desktop\RecentPlaces.lnk
[2013/06/18 01:40:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/29 19:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 19:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/21 12:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 12:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 12:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/05 01:16:01 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\amazon
[2013/07/07 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\AnvSoft
[2014/05/25 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Ashampoo
[2014/03/12 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Ashampoo Slideshow Studio HD 3
[2014/07/01 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\AVAST Software
[2013/09/10 06:02:51 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\CompuClever
[2014/06/01 13:45:07 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Dashlane
[2014/03/18 00:36:59 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\DriverCure
[2014/07/01 23:14:08 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Dropbox
[2014/07/01 23:13:53 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\DropboxMaster
[2013/07/17 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\eM Client
[2013/11/24 00:18:58 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\EurekaLab s.a.s
[2011/03/24 11:47:11 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Foxit Software
[2013/06/25 07:58:22 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Leadertech
[2013/11/24 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\MOVAVI
[2013/06/19 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\OnlineArmor
[2013/12/17 21:16:03 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\onOne Software
[2014/05/26 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Oracle
[2014/04/15 17:38:03 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\ParetoLogic
[2013/06/23 00:39:59 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\PDF Reader
[2013/07/31 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\SparkTrust
[2013/09/12 01:05:03 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\TuneUp Software
[2013/09/06 03:16:37 | 000,000,000 | ---D | M] -- C:\Users\Pablo Desktop\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

OTL Extras logfile created on: 7/8/2014 1:12:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pablo Desktop\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.03% Memory free
7.99 Gb Paging File | 5.17 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 83.22 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 196.27 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Drive E: | 371.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 201.08 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive G: | 14.61 Gb Total Space | 14.38 Gb Free Space | 98.40% Space Free | Partition Type: FAT32
Drive M: | 1863.01 Gb Total Space | 94.51 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 96.50 Gb Free Space | 5.18% Space Free | Partition Type: NTFS

Computer Name: PABLODESKTOP-PC | User Name: Pablo Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BBEC34-99FA-4D2E-B1DB-94BA03D813F2}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{068A3EA5-D953-4B71-85A4-176C8132A716}" = lport=445 | protocol=6 | dir=in | app=system |
"{08945532-EF45-40AB-8680-2F3181E7E7CB}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{19B22755-8465-4A68-A151-3080FC6BA542}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1AD7B8F5-0BD9-41D9-9315-C3D08B6778CE}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{22D961E4-8C15-4D1C-9469-5316A54E9AA3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25686B37-749E-498E-B188-2CEE74B9C63F}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{27F537C1-42F2-43C6-8CEB-CC4296B7869E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29160383-B11E-427B-A058-947447091696}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CE1D7FE-F855-47AA-93EA-53838BA14131}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{418BBCAE-F5B1-461D-8893-9B3AE53D84B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{59ACB008-BCCF-49B8-B810-DFBEC91CCF3F}" = rport=137 | protocol=17 | dir=out | app=system |
"{6205CAA3-9671-4C0A-A429-74F6E21AF59E}" = rport=138 | protocol=17 | dir=out | app=system |
"{689858D9-4497-449F-8432-3A2D3830D613}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C04663E-73BF-42E4-9988-C41402872D8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FC3F9DE-0342-46C6-BE8E-41D4B9574E1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{732592E1-7FA7-4861-B18B-1C90DC47978A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BC95914-5D96-4114-BD9C-15E8AC7B7662}" = rport=139 | protocol=6 | dir=out | app=system |
"{7DDA38BE-BB5D-4896-A3DC-8404EFD29CCC}" = lport=138 | protocol=17 | dir=in | app=system |
"{87503C5F-0FC0-4F52-AF6A-0169349391A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9855AF99-0243-4946-BD36-1D48BEDF7C89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B2B3F22-AE1D-41E1-8187-7D486C0B6304}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{9FDBCD31-1F13-48AD-A5EE-777D1916E87A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A154885E-C6AC-48DE-920C-8686585D8113}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A428C033-AE76-4507-9ACC-85A5604717F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{A697DA2C-AB90-429D-A6C9-659CD56B785B}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{AFF7F17B-BE79-4AAC-9DED-59817527EE91}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{B023594A-1769-4127-86E6-A4D5E812FA6F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B5D77FA5-0458-4486-AA67-BA0D46DD8EC5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7E799C9-1A98-4FEB-965C-FFF8E53E5289}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{CF4840AC-FB1B-4E06-8078-D1BB700978CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFC2B7A8-37F3-4BB1-AAC6-44642BB09506}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D06B41B1-9248-4A8C-AEC1-69F394A77B01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D28EC775-A72F-4BDA-8729-D95612783160}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA41CB42-C4B9-4B04-B86C-318B3EC265DD}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{E1BD7DE8-5F88-4FBE-86F9-A1D101B0E61F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4B66D89-DB68-40DA-8430-8357D7A18501}" = rport=445 | protocol=6 | dir=out | app=system |
"{E66A5D51-362E-4174-8706-89B111D8EB5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7B99955-C6ED-427D-B7C7-6107D1983712}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F038BE89-348D-4FEB-B20F-B42097A1EE7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE527C61-5857-4351-A2A7-873C8D868A5C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E75BA2-8BE4-4F3C-816F-AC9992A121F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CFE855C-01E1-4DD5-AB02-524A842576D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15595BC2-42DB-4824-94A7-28D7EF917ED3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A8C07FF-F08C-4C0E-A5EB-2A7FB73DEAF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{289FE11F-797D-4EDA-8E72-2E16CDCFCC3F}" = dir=in | app=e:\advanced\autorun.exe |
"{2A274D76-E465-449A-802F-7BE85B3EC59D}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\33.0.1750.125\remoting_host.exe |
"{2B8187B8-D881-4B38-B4E7-30D802FD0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{440EFD30-F81A-45B7-92CB-E9087E54C85E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C38F910-3DAE-45CF-ACC3-19368BD8ACD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7FD9E5CE-E8FB-4D82-A45B-BF85892E64BB}" = dir=in | app=c:\users\pablo desktop\appdata\local\microsoft\skydrive\skydrive.exe |
"{8019BABF-3226-4A27-965C-9EE718BEEF2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{884042F9-37D9-4ED4-956E-5F4821A33FCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96AC565C-1FB0-4BF4-BFD6-BB62C9CFF5C3}" = dir=in | app=e:\advanced\autorun.exe |
"{9815BC56-2E68-4733-AF0E-B277CA0B1C26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC3560A1-16C4-4450-B976-4C128A7E0FB6}" = dir=in | app=e:\advanced\autorun.exe |
"{AF72B7D9-E85F-4D17-A5EA-B29923F1F709}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1E12567-B2B7-4254-8440-45A13085F69C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C3C8329E-782E-45C9-BD7B-D25F4E1D8295}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{D390CA4A-330C-4B87-BF62-F9DDF2F46BB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5B4870A-DD39-4A40-B95F-BD0A5C83A4E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5A18D48-2AD9-4FF2-A99B-7BC902827EC6}" = protocol=6 | dir=out | app=system |
"{EBBF0918-778D-4D70-B403-2DC20DEAA7F4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F082E8D1-EAA0-466B-A858-5FE771CB5682}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C9374E-0EC3-4D37-9110-8F6EEF755A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F90603B2-4639-4FB1-8758-3EB665ED3BB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB15618E-DC32-4AE6-B083-7C0A4037CE67}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{444895C6-AECE-4723-BAA9-73AE32612757}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{EE71E382-62CF-4A32-919B-A3A8C9EFF75A}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{7D8DB3C5-69F6-4F50-B498-C16AD67DB4BF}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{A86651AB-E7F6-4F41-A9BD-40801197E1C3}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}" = AMD Accelerated Video Transcoding
"{30921AC4-6875-F7DF-B48B-2BB68C000BB6}" = AMD Media Foundation Decoders
"{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6C676266-91E4-DC71-E661-13494AC29A3E}" = ccc-utility64
"{7DE24FDD-A655-4AB7-A877-7236B91A9675}" = Logitech H800
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}" = AMD Drag and Drop Transcoding
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EC54143B-24CC-47D2-AB39-0F5701988BA4}" = WD SmartWare
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Logitech Unifying" = Logitech Unifying Software 2.50
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"sp6" = Logitech SetPoint 6.52
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1" = mysms version 2.0.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 3.1.0
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{91B33C97-0CE8-6ABD-1CF4-0DAF2CCF492A}_is1" = Ashampoo Slideshow Studio HD 3 v.3.0.3
"{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1" = Ashampoo Burning Studio 14 v.14.0.4
"{924A274D-38B6-4930-8859-F3F51CFA8DDD}" = WD SES Driver Setup
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = Catalyst Control Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Ashampoo Burning Studio 12_is1" = Ashampoo Burning Studio 12 v.12.0.1
"Belarc Advisor" = Belarc Advisor 8.4
"GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 6.0
"TuneUp Utilities" = TuneUp Utilities 2014
"VLC media player" = VLC media player 2.1.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1461796922-2295090772-3146457609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1461796922-2295090772-3146457609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2014 7:50:09 AM | Computer Name = PabloDesktop-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 5/14/2014 12:15:06 AM | Computer Name = PabloDesktop-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 29.0.1.5239 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ed0 Start
Time: 01cf6f1c6bd5f412 Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 4e124552-db1e-11e3-ad5c-001fd081bc87

Error - 5/18/2014 2:44:15 AM | Computer Name = PabloDesktop-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.5207.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12ec Start
Time: 01cf72644ff6ed43 Termination Time: 3 Application Path: C:\Program Files (x86)\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: c664b65b-de57-11e3-8937-001fd081bc87

Error - 5/18/2014 2:47:28 AM | Computer Name = PabloDesktop-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 11.0.5207.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1898 Start
Time: 01cf7264c94d9c59 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\OFFICE11\WINWORD.EXE Report Id: 41651315-de58-11e3-8937-001fd081bc87

Error - 5/19/2014 7:56:01 PM | Computer Name = PabloDesktop-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 5/28/2014 9:26:32 AM | Computer Name = PabloDesktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 11.0.5207.5, time
stamp: 0x3ea0af8d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000001 Faulting process id: 0x161c Faulting application
start time: 0x01cf7a7861df595d Faulting application path: C:\Program Files (x86)\Microsoft
Office\OFFICE11\OUTLOOK.EXE Faulting module path: unknown Report Id: ae43a8d4-e66b-11e3-a43e-001fd081bc87

Error - 5/29/2014 5:40:51 AM | Computer Name = PabloDesktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: MSI9EB3.tmp, version: 2.0.0.9, time stamp:
0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id:
0x62fc Faulting application start time: 0x01cf7b2212f672d2 Faulting application path:
C:\Windows\SysWOW64\MsiExec.exe Faulting module path: C:\Windows\Installer\MSI9EB3.tmp
Report
Id: 521874c3-e715-11e3-a612-001fd081bc87

Error - 5/29/2014 5:40:58 AM | Computer Name = PabloDesktop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time
stamp: 0x4ce792c4 Faulting module name: MSIBBA9.tmp, version: 2.0.0.9, time stamp:
0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id:
0x22e8 Faulting application start time: 0x01cf7b221712e84b Faulting application path:
C:\Windows\SysWOW64\MsiExec.exe Faulting module path: C:\Windows\Installer\MSIBBA9.tmp
Report
Id: 55d8bf22-e715-11e3-a612-001fd081bc87

Error - 6/1/2014 2:27:54 PM | Computer Name = PabloDesktop-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 6/2/2014 10:07:21 AM | Computer Name = PabloDesktop-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ Media Center Events ]
Error - 8/22/2013 10:42:45 PM | Computer Name = PabloDesktop-PC | Source = MCUpdate | ID = 0
Description = 7:42:40 PM - Error connecting to the internet. 7:42:40 PM - Unable
to contact server..

[ System Events ]
Error - 7/8/2014 1:42:25 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Utilities Service service failed to start due to the following
error: %%1053

Error - 7/8/2014 1:42:27 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WD
Drive Manager service to connect.

Error - 7/8/2014 1:42:27 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7000
Description = The WD Drive Manager service failed to start due to the following
error: %%1053

Error - 7/8/2014 1:42:28 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Live ID Sign-in Assistant service to connect.

Error - 7/8/2014 1:42:28 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error: %%1053

Error - 7/8/2014 1:42:28 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079

Error - 7/8/2014 1:42:28 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7001
Description = The WD Backup service depends on the WD Drive Manager service which
failed to start because of the following error: %%1053

Error - 7/8/2014 1:43:11 AM | Computer Name = PabloDesktop-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk5\DR5, has a bad block.

Error - 7/8/2014 2:13:41 AM | Computer Name = PabloDesktop-PC | Source = DCOM | ID = 10010
Description =

Error - 7/8/2014 2:36:49 AM | Computer Name = PabloDesktop-PC | Source = Service Control Manager | ID = 7000
Description = The HitmanPro Scheduler service failed to start due to the following
error: %%2


< End of report >

My system has not been running well. It would nott al;low me to open MalwareBytes Pro so I uninstalled it, re-loaded it and it finally worked. I receive error messages when I attempt to open up certain files. I was unable to run DDS, but I am familiar with the OTL program from the Emsisoft Emergency Kit.

[Gary R]

OTL is no longer a supported tool, so I prefer not to rely on its findings.

Since you cannot run DDS, then please try the following ....

• Download FRST64 to your Desktop.
• Double click Frst64.exe to launch it.
• FRST will start to run.
  
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.

[Gary R]

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.